labbers_delight_rev3

I took a quick moment to post before this, advising not to study or lab tired, cause as can be seen towards the end of my Part 4 of this lab I am just tired and swinging at air.

Anyway, we now have R1 and R3 both acting as ASBR’s, with R1 doing 2-way route-tagged Distribution and R3 doing 3-way tagged Route Redistribution. We even still have authentication running on all routing domains, life does not get much better than this!

Honestly the fact that I have all protocol Authentication configurations documented, and how that all fits together, in addition to a solid understand of Distribute-List configuration I am very happy. The fact that I was able to get Multi-Point 2-way and 3-way routing to play nice (with some troubleshooting) is awesome, so Policy Routing is going to be my wrap up here to this lab because I have wanted to make the Summary Route do sub-optimal for half the routes since this began! 🙂

 

Quickly turning on L3 functionality for SW1 and testing connectivity

 

I probably didn’t need the new topic blue header for this, but I never know what I’m in for starting out with something new to the lab, so I put SW1 on the RIP network and want to see if it’s pingable with just a management IP for Vlan1.

So the quick config on SW1:

SW1(config)#ip routing
SW1(config)#router rip
SW1(config-router)#no auto
SW1(config-router)#network 172.12.23.0

And then a quick test from R5 to see if it can see it all the way down there:

R5#ping 172.12.23.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.23.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 64/65/68 ms
R5#

Woohoo! Sweet Sweet connectivity, now to path selection / manipulation with PBR.

 

Policy Routing Configuration / Local Policy Routing configuration

 

Again once you know route-map configuration, PBR is a walk in the park to setup and apply, which is what I say right before I run into 1000 unforseen problems. So I would like half the traffic from our Summary Route to take a different path over the NBMA, as it won’t do equal cost load balancing by default the way EIGRP will, so I’ll set it myself:

R1(config)#$ 105 permit ip 100.1.0.0 0.0.255.255 172.12.23.0 0.0.0.255
R1(config)#$ 105 permit ip 100.2.0.0 0.0.255.255 172.12.23.0 0.0.0.255
R1(config)#$ 105 permit ip 100.3.0.0 0.0.255.255 172.12.23.0 0.0.0.255
R1(config)#$ 105 permit ip 100.4.0.0 0.0.255.255 172.12.23.0 0.0.0.255
R1(config)#route-map SummaryTrafficHop permit 10
R1(config-route-map)#match ip add 105
R1(config-route-map)#set ip next-hop 172.12.123.2
R1(config-route-map)#int fa0/1
R1(config-if)#ip policy route SummaryTrafficHop
R1(config-if)#

So it is now set up on R1 to filter said networks in the summary route, let’s test the preferred route in general from R5, then the networks involved in the Policy Route:

R5#traceroute 172.12.23.1

Type escape sequence to abort.
Tracing the route to 172.12.23.1

  1 172.12.15.1 0 msec 4 msec 0 msec
  2 172.12.123.3 32 msec 36 msec 32 msec
  3 172.12.23.1 32 msec *  32 msec
 
R5#traceroute 172.12.23.1 source 100.4.0.1

Type escape sequence to abort.
Tracing the route to 172.12.23.1

  1 172.12.15.1 0 msec 4 msec 0 msec
  2 172.12.123.2 32 msec 32 msec 36 msec
  3  *
    172.12.23.1 32 msec *
R5#traceroute 172.12.23.1 source 100.5.0.1

Type escape sequence to abort.
Tracing the route to 172.12.23.1

  1 172.12.15.1 4 msec 0 msec 4 msec
  2 172.12.123.3 32 msec 32 msec 32 msec
  3 172.12.23.1 32 msec *  32 msec
R5#

This really surprised me at first, as when there was a Router connected to R2 and R3 via FastEthernet, we would see those traceroute returns up to R1 and back to the other spoke even using OSPF across the board. With a switch on the Ethernet segment however, it is that “One and Done” I was talking about wasn’t possible to truly configure PBR along a network path. I personally think Chris Bryant did a really horse sh*t job of teaching that section, and as much as I love his training, I would say that right to his face 🙂

So for future reference, if this type of Topology pops up with Policy Routing in question, you will need to configure Policy Routes on the next-hop Router to then direct traffic onto the Ethernet to its destination rather than back over the NBMA.

THAT BEING SAID, I THINK WE NEED TO INTRODUCE A LITTLE ANARCHY TO THE NETWORK, AND DOING SO WITH A POLICY ROUTE:

R1(config)#access-list 111 permit ip 11.11.11.0 0.0.0.255 host 4.4.4.4
R1(config)#route-map LocalNextHop permit 10
R1(config-route-map)#match ip add 111
R1(config-route-map)#set ip next-hop 172.12.123.2
R1(config-route-map)#

Now I know I don’t even NEED to tell you at this point, but that is a sub-optimal path even if it zip across the FastEthernet instead of across the Serial Link and Back to R3 to reach R4’s loopback address of 4.4.4.4, but lettuce see what happens when we traceroute it:

R1(config)#access-list 111 permit ip 11.11.11.0 0.0.0.255 host 4.4.4.4
R1(config)#route-map LocalNextHop permit 10
R1(config-route-map)#match ip add 111
R1(config-route-map)#set ip next-hop 172.12.123.2
R1(config-route-map)#do traceroute 4.4.4.4 source 11.11.11.1

Type escape sequence to abort.
Tracing the route to 4.4.4.4

  1 172.12.123.3 76 msec 32 msec 32 msec
  2 172.12.34.4 33 msec *  32 msec
R1(config-route-map)#

… The result of this traceroute displeases me. However, after staring at that configuration for a moment, I realize I completely spaced putting in the actual local policy statement.

This is why I made a post about studying tired, and why I am wrapping this up !

R1(config)#ip local policy route LocalNextHop
R1(config)#do traceroute 4.4.4.4 source 11.11.11.1

Type escape sequence to abort.
Tracing the route to 4.4.4.4

  1 172.12.123.2 32 msec 32 msec 32 msec
  2 172.12.123.1 24 msec 24 msec 24 msec
  3 172.12.123.3 56 msec 52 msec 57 msec
  4 172.12.34.4 56 msec *  52 msec
R1(config)#

I am a bit surprised by this, I would have thought it would take the ethernet segment over to R3, I must advice R3’s route table quick to understand this madness of sending back over the Serial Link rather than through the Ethernet:

R2#show ip route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 172.12.123.1, 02:03:41, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback2
     100.0.0.0/13 is subnetted, 1 subnets
O E1    100.0.0.0 [110/84] via 172.12.123.1, 02:03:41, Serial0/0
     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/2] via 172.12.123.3, 02:03:41, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/65] via 172.12.123.3, 02:03:41, Serial0/0
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.4 [110/20] via 172.12.123.3, 02:03:42, Serial0/0
     172.12.0.0/24 is subnetted, 4 subnets
O E2    172.12.34.0 [110/20] via 172.12.123.3, 02:03:44, Serial0/0
O E1    172.12.15.0 [110/84] via 172.12.123.1, 02:03:44, Serial0/0
C       172.12.23.0 is directly connected, FastEthernet0/0
C       172.12.123.0 is directly connected, Serial0/0
     22.0.0.0/24 is subnetted, 1 subnets
C       22.22.22.0 is directly connected, Loopback22
     11.0.0.0/24 is subnetted, 1 subnets
O E1    11.11.11.0 [110/84] via 172.12.123.1, 02:03:44, Serial0/0
R2#

I smell a 6th lab needed for sub-optimal routing, and changing AD’s! This should have taken the path through the RIP domain to get to R4 (along with other traffic), however it’s the tie breaker (it’s AD) beat RIP 110 vs 120 so the OSPF route is in the route table as an E2 route.

This is a good note to end it on for me, next lab I will be troubleshooting some sub-optimal routing I find around the network with PBR and AD changes, then it is time to learn about and configure some VPN’s on our Authenticated and Redistributed monster of a network 🙂